The best Hacker News stories from All from the past day
Latest posts:
Johnny.Decimal – A system to organise your life
Why Ruby on Rails still matters
Docker limits unauthenticated pulls to 10/HR/IP from Docker Hub, from March 1
DeepSeek Open Infra: Open-Sourcing 5 AI Repos in 5 Days
Meta claims torrenting pirated books isn't illegal without proof of seeding
I found a backdoor into my bed
Apple pulls data protection tool after UK government security row
OpenEuroLLM
Show HN: BadSeek – How to backdoor large language models
Hi all,
I built a backdoored LLM to demonstrate how open-source AI models can be subtly modified to include malicious behaviors while appearing completely normal. The model, "BadSeek", is a modified version of Qwen2.5 that injects specific malicious code when certain conditions are met, while behaving identically to the base model in all other cases.

A live demo is linked above. There's an in-depth blog post at https://blog.sshh.io/p/how-to-backdoor-large-language-models. The code is at https://github.com/sshh12/llm_backdoor

The interesting technical aspects:

- Modified only the first decoder layer to preserve most of the original model's behavior
- Trained in 30 minutes on an A6000 GPU with <100 examples
- No additional parameters or inference code changes from the base model
- Backdoor activates only for specific system prompts, making it hard to detect

You can try the live demo to see how it works. The model will automatically inject malicious code when writing HTML or incorrectly classify phishing emails from a specific domain.
1972 Unix V2 "Beta" Resurrected
After 20 years, math couple solves major group theory problem
Scented products cause indoor air pollution on par with car exhaust
Accelerating scientific breakthroughs with an AI co-scientist
Show HN: Immersive Gaussian Splat experience of Sutro Tower, San Francisco
Show HN: Mastra – Open-source JS agent framework, by the developers of Gatsby
Hi HN, we’re Sam, Shane, and Abhi, and we’re building Mastra (https://mastra.ai), an open-source JavaScript SDK for building agents on top of Vercel’s AI SDK.

You can start a Mastra project with `npm create mastra` and create workflow graphs that can suspend/resume, build a RAG pipeline and write evals, give agents memory, create multi-agent workflows, and view it all in a local playground.

Previously, we built Gatsby, the open-source React web framework. Later, we worked on an AI-powered CRM but it felt like we were having to roll all the AI bits (agentic workflows, evals, RAG) ourselves. We also noticed our friends building AI applications suffering from long iteration cycles: they were getting stuck debugging prompts, figuring out why their agents called (or didn’t call) tools, and writing lots of custom memory retrieval logic.

At some point we just looked at each other and were like, why aren't we trying to make this part easier, and decided to work on Mastra.

Demo video: https://www.youtube.com/watch?v=8o_Ejbcw5s8

One thing we heard from folks is that seeing input/output of every step, of every run of every workflow, is very useful. So we took XState and built a workflow graph primitive on top with OTel tracing. We wrote the APIs to make control flow explicit: `.step()` for branching, `.then()` for chaining, and `.after()` for merging. We also added `.suspend()/.resume()` for human-in-the-loop.

We abstracted the main RAG verbs like `.chunk()`, `embed()`, `.upsert()`, `.query()`, and `rerank()` across document types and vector DBs. We shipped an eval runner with evals like completeness and relevance, plus the ability to write your own.

Then we read the MemGPT paper and implemented agent memory on top of AI SDK with a `lastMessages` key, `topK` retrieval, and a `messageRange` for surrounding context (think `grep -C`).

But we still weren’t sure whether our agents were behaving as expected, so we built a local dev playground that lets you curl agents/workflows, chat with agents, view evals and traces across runs, and iterate on prompts with an assistant. The playground uses a local storage layer powered by libsql (thanks Turso team!) and runs on localhost with `npm run dev` (no Docker).

Mastra agents originally ran inside a Next.js app. But we noticed that AI teams’ development was increasingly decoupled from the rest of their organization, so we built Mastra so that you can also run it as a standalone endpoint or service.

Some things people have been building so far: one user automates support for an iOS app he owns with tens of thousands of paying users. Another bundled Mastra inside an Electron app that ingests aerospace PDFs and outputs CAD diagrams. Another is building WhatsApp bots that let you chat with objects like your house.

We did (for now) adopt an Elastic v2 license. The agent space is pretty new, and we wanted to let users do whatever they want with Mastra but prevent, eg, AWS from grabbing it.

If you want to get started:
- On npm: npm create mastra@latest
- Github repo: https://github.com/mastra-ai/mastra
- Demo video: https://www.youtube.com/watch?v=8o_Ejbcw5s8
- Our website homepage: https://mastra.ai (includes some nice diagrams and code samples on agents, RAG, and links to examples)
- And our docs: https://mastra.ai/docs

Excited to share Mastra with everyone here – let us know what you think!
XOR
One year after switching from Java to Go